Aggregator

A vulnerability, which was classified as problematic, was found in Ajax Comment Form CST Plugin up to 1.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2025-3867. It is possible to initiate the attack remotely. There is no exploit available.

The Interlock ransomware gang claimed responsibility for the attack on the leading kidney dialysis company DaVita and leaked alleged stolen data. DaVita Inc. provides kidney dialysis services through a network of 2,675 outpatient centers in the United States, serving 200,800 patients, and 367 outpatient centers in 11 other countries, serving 49,400 patients. DaVita specializes in treating end-stage renal […]

A newly identified security vulnerability, CVE-2025-22234, has exposed a critical weakness in the widely-used Spring Security framework. According to the HeroDevs report, affecting several versions of the spring-security-crypto package, this flaw makes it possible for attackers to discern valid usernames through observable differences in login response times—an avenue for so-called “timing attacks.” Spring Security is […]

The post Spring Security Vulnerability Exposes Valid Usernames to Attackers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

根据发表在《科学》期刊上的一项研究，研究人员报告了一种之前不知道的稀有肉食性毛虫会披着其猎物残骸潜伏在蜘蛛网上觅食。这种被称为“骨收集者”的独特新物种仅见于夏威夷瓦胡岛（Oa’hu）的某一个山坡上。夏威夷在地理上的与其它区域的隔离催生了具有独特适应特征的无脊椎动物，其中包括几种肉食性毛虫。研究人员报告，收骨毛虫是一种仅见于夏威夷的古老而多样的 Hyposmocoma 属的蛾科昆虫；它们是生活在封闭式蜘蛛网中的机会性食腐动物和捕食动物：以虚弱或死亡的昆虫为食，其中包括储藏的蜘蛛猎物。它们偶尔也会彼此吞噬。更重要的是，它们会用不可食用的昆虫猎物的身体残骸来精心装饰其便携式丝绸套；它们会仔细挑选、调整大小和安装这些丝绸套；这是一种阴森恐怖的伪装方式，其目的可能是不被其蜘蛛宿主发现。这些毛虫极为稀有，在 20 多年的实地考察中仅观察到 62 条这种毛虫。

Почему почтовый фильтр внезапно восстал против безобидных писем?

A vulnerability has been found in OpenPLC up to 64f9c11263229b019091e3c5a1896c184e0661a6 and classified as problematic. This vulnerability affects unknown code of the file server.cpp. The manipulation of the argument handleConnections leads to race condition. This vulnerability was named CVE-2025-46613. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Quantum StorNext up to 7.2.3. This affects an unknown part of the component Web GUI API. The manipulation leads to hard-coded credentials. This vulnerability is uniquely identified as CVE-2025-46617. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Icegram Express Plugin up to 5.7.49 on WordPress. Affected by this issue is some unknown functionality of the component Template Setting Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-0671. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Mitsubishi Electric CC-Link IE TSN Remote IO Module. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper validation of specified quantity in input. This vulnerability is known as CVE-2025-3511. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Quantum StorNext up to 7.2.3. Affected is an unknown function of the component Web GUI API. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2025-46616. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Bit Contact Form Form Plugin up to 2.18.3 on WordPress. Affected is an unknown function of the component SVG File Upload Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-2580. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in Prevent Direct Access Plugin up to 2.8.8.2 on WordPress. Affected by this vulnerability is the function pda_lite_custom_permission_check. The manipulation leads to improper authorization. This vulnerability is known as CVE-2025-3861. The attack can be launched remotely. There is no exploit available.

DeepMind 宣布发布 Lyria 2 音乐生成模型。第一代的音乐生成模型 Lyria 是在 2023 年发布的。Lyria 2 能提供高保真音乐和专业级音频输出，能捕捉不同音乐类型和复杂乐曲中的细微差别。Google 还同时开发了 Lyria RealTime，允许用户实时交互式地创作、演奏和控制音乐，混合不同音乐类型、融合不同风格，随时塑造音频。

Trend Research has uncovered a sophisticated network of cybercrime operations linked to North Korea, heavily utilizing Russian internet infrastructure. Specifically, IP address ranges in the towns of Khasan and Khabarovsk, Russia, assigned to organizations under TransTelecom (ASN AS20485), are pivotal in these activities. Khasan, just a mile from the North Korea-Russia border and connected via […]

The post Russian VPS Servers With RDP and Proxy Servers Enable North Korean Cybercrime Operations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as problematic, has been found in Winter CMS up to 1.2.2. Affected by this issue is some unknown functionality of the component SVG Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2023-37269. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in WP-Optimize Plugin and SrbTransLatin Plugin on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the component HTML Character Handler. The manipulation leads to HTML injection. This vulnerability is known as CVE-2023-1119. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in fossbilling up to 0.5.3. This issue affects some unknown processing. The manipulation leads to open redirect. The identification of this vulnerability is CVE-2023-3568. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OSNEXUS QuantaStor and classified as problematic. This issue affects some unknown processing of the component URL Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2021-42080. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in OSNEXUS QuantaStor. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2021-42083. It is possible to initiate the attack remotely. There is no exploit available.